🌐 Understanding and Complying with the RED 3.3 Directive for Products with Wireless Capabilities 🌐
📡 Are you a manufacturer of products with wireless capabilities like NFC, Wi-Fi, or Bluetooth? You need to act now on the EU Directive for Radio Equipment, RED 3.3, to meet the new cybersecurity requirements by August 2025. Watch our Webinar on Demand now.
🎥 WATCH HERE: https://lnkd.in/eiD82QXc
Hugo Lenssen from Rijksinspectie Digitale Infrastructuur, Michael Beine from Bureau Veritas Group, and Jasper N. Nota from Secura will explain RED 3.3 and best practices on how to become compliant.
KEY TAKEAWAYS
1️⃣ Significance and Scope of RED 3.3 Compliance:
The RED 3.3 regulations become mandatory by August 2025, impacting manufacturers of wireless products like NFC, Wi-Fi, and Bluetooth.
The directive ensures cybersecurity and data privacy, covering encryption, firmware updates, and unauthorized access prevention.
Compliance involves manufacturers, test labs, notified bodies, and market surveillance authorities, ensuring regulatory standards are met before market entry. Products already in use are excluded, but new or modified products sold after August 2025 must comply.
2️⃣ Compliance Procedure and Standards:
Compliance steps: initial awareness, health check/gap analysis, conceptual/functional assessment, and certification. The process takes six to nine months, so manufacturers should start now.
Standards include ETSI EN 303 645 for IoT, IEC 62443 for industrial automation, and EN 18031 for self-assessment. Test labs and notified bodies are crucial for standards requiring third-party validation.
3️⃣ Challenges and Practical Examples of Vulnerabilities:
Common vulnerabilities: insecure debug interfaces on security cameras, insecure storage of wireless credentials on smart lights, and command injection in industrial routers. These highlight the need for physical and network security.
Manufacturers should adopt a risk management approach, not just treat compliance as a checklist. This involves thorough testing and continuous monitoring to ensure devices remain secure throughout their lifecycle.
Hugo Lenssen: "One more thing: Cybersecurity isn't just a tick box, it's thinking about risks. It takes time, and depending on the type of company, you need product innovation, a CISO, an ICT person, and/or proper knowledge if needed. Don't wait—you can already do things now."